New Resolver unable to handle multiple versions of git dependencies #9304
Comments
|
Thanks for filing an issue! I'm unsure what you're asking for tho. pip is correctly rejecting to install 1.0.0 and 1.0.1, which (from pip's resolvers' perspectives) are two different URLs that don't hold the same artifact. This is exactly what the error message says: that there's a conflict. Could you elaborate on what you are trying to do, and what kind of solution you are looking for? |
Trying to maintain our current (seemingly common) workflow with the new resolver.
Ideally one that doesn't disrupt our ability to share common code across multiple repos. This doesn't seem like it should not be a covered use case by pip. If that requires specifying compatibility ranges as I stated before that would be fine but currently there appears to be no way to do so. |
|
Hello all, Actually @pradyunsg, it seems I've stumbled across the same issue albeit this happens with the same artifacts. The workflow is the same as described above, however all of the packages try to pull the same common package This, obviously, started happening after the upgrade to 20.3.3 😄 -- any clues on how to fix this? |
|
@andylamp in your case it's probably because one URL explicitly mentions the |
|
@sbidoul it happens regardless if I have the edit, @sbidoul here is a log that has the The issue is still there, as I said... |
|
I am also facing a related problem. I think that @sbidoul is potentially hinting at it. In my case, I have two packages A and B, B depends on A. Both of the packages are strictly on GitHub and not published on pypi. But both have Since B depends on A, in B's [
"A@ git+https://github.com/someuser/A.git",
]The B package is installable like so, However, if you place both of the packages in a git+git://github.com/someuser/A
git+git://github.com/someuser/Band change the protocol that is used to install ( Naively, it seems that pip is comparing the string literal to determine conflicts. I am probably wrong about this, but if this is the case, functionally equivalent dependencies that use different protocols will have a conflict. This is also inclusive of if as @andylamp pointed out, |
|
@aaraney in my case all packages strictly use |
or in @andylamp 's case I think the issue is the |
|
I have a similar problem. pip 20.3.0 and 20.3.3 Obfuscated the names, but hopefully it's clear enough: It looks like the egg is being ignored from Does not happen on pip 20.2.4. |
|
@Tbilgere-td just to add to the discussion, reverting back to |
It may be that @andylamp having the same behavior here on < 20.3.* |
|
@aaraney @andylamp @goodspark it isn't just the protocol or differences in the repo branch, it looks like ANY difference in the URL will trigger this. Confirmed by trying each of the following variants, simplified to aaraney's example: Then to install both from requirements.txt (or in any other way where dependencies are resolved, I would imagine) Even a simple change in the url causes an unresolvable dependency, i.e ommit the You can install A using any of the above variants by itself, but not in conjunction with B which defines |
|
Can confirm @hellkite500 's findings we have consistency throughout our git installs and do not hit this case either in any of our repos. |
|
@hellkite500 I think that's the problem I am hitting - I am using two packages |
If the URL strings aren't exact in all places then most likely. The quick workaround is making then match I think. Not a good sustainable solution though IMHO. |
|
For now, I think reverting to an older version of |
|
I stumbled across this issue when my CI workflows for testing packages started acting up. Many of those workflows default update pip to the latest version before setting up the testing env, so downgrading isn't something I want to try on each of those. |
|
ha! this is how I came across that, basically the badge of shame turned red instead of green for initially unknown reasons 😄 |
|
I described in #9229 how the URLs from dependencies must match exactly to resolve correctly, and why this is an important restriction. My suggestion is to to use PEP 508 instead, which is functionally the same as the |
|
@uranusjr I see that there has already been significant discussion on the matter over another issue, however I still think this poses a significant problem going forward - especially with the deprecation of the old resolver. |
|
If you ask me, URL specifications are the significant problem going forward, so there’s no surprise here 🙂 There’s no way to know whether different URLs point to the logical same thing without actually downloading and potentially building the content, which is very problematic in more than one way. So systems using URLs for dependency specification generally impose restrictions over its usage. Go (for which URLs are one of the two primary ways to specify dependencies), for example, behave the same as pip here. The legacy resolver was way too loose, relying on the user doing the right thing (only the user knows |
|
@uranusjr I'm not clear if your comments are directed solely towards the issue of resolving the same dependencies with different URL formatting or my issue of being unable to update common library repos without breaking EVERY subsequent repo can you clarify for me? Thanks. |
no-response
bot
removed
the
S: awaiting response
|
This is the same as #9229. Closing and merging this issue into that. Since this hasn't been stated directly yet: folks depending on the legacy resolver's "eh, ignore the mismatched URLs" approach -- you'll need to change your workflow to adapt to this change. Going forward, pip is not going to allow URL-based packages to have mismatched URLs during installation. This is a part of the changes made as part of pip's new dependency resolver, which makes it stricter about edge cases like this. |
pradyunsg
added
C: direct url
@pradyunsg Hold on a minute here we are trying to manage repo upgrades without having to release dozens of repos everytime a single change is made to ONE common repo. That doesn't seem like a crazy far out and/or lazy idea but, just to be clear, that is the stance pip is taking here? |
|
@pradyunsg @Tbilgere-td I think I need a clarification on that as well - as I find this to be a legitimate use-case. |
|
@Tbilgere-td Could you clarify what you mean by “unable to update common library repos without breaking every subsequent repo”? From what I can see, your service depend on commoncode 1.0.0 exactly, so it’s only natural that app specifying commoncode 1.0.1 would break it. I am not sure how you expect things to work. |
|
@uranusjr I would expect it to work in the same fashion as any other dependency does, I should have someway of describing something like a allowable range and/or explicit allows/denials. |
|
But is the current behaviour not what “other dependencies” do? If you have The installation is supposed to fail, because there’s no way to accept both commoncode 1.0.0 and 1.0.1.
You do, that’s what versions are for. You can specify (Or you can specify the URL in service and use version in app if that’s what you want instead.) |
@uranusjr okay but how does this work for the case where the app doesn't call for common but still calls for Service? This would also mean we wouldn't be able to build Service independently correct? |
|
Then you specify the URL in service and apps that don’t depend on service? But it sounds to me like you have a more complicated project dependencies than the URL is designed to handle. I would strongly encouraged switching to a setup with internal (i.e. non-PyPI) package index, and specify the index to fetch |
|
@uranusjr to steer the conversation back to a remark you made earlier:
First off, I don't disagree from a fundamentalist stand point, however my problem is with treating edge case behavior like it is the straight and narrow. Sure, there are edge cases where minute differences in a URL causes a logical difference in retrieved content -- but again this just seems like an edge case. I see the utility of leaving this as an optional feature to capture those edge cases, but this doesn't seem appropriate to force on all users. Additionally,
I don't think it's a fair comparison between python and go, the two languages serve different purposes and communities. Personally, the more difficult it is for a new user or any user to accomplish their goal using python is non-pythonic. The growing prevalence of type hints is a perfect example of this, in many ways type hints greatly benefit the community; however they are optional and without, python still operates just fine. Of course there is a need for rules and guidelines, but this level of strictness seems like it's gains don't outweigh the benefits for the majority of users. With a language that supports so many open source projects, these kinds of restrictions -- I project -- will only decrease the number of functioning projects over time. The burden should not be placed on the package maintainer, as in many cases, they are not responsive and shouldn't have to be. Also, as a counter to first argument:
It is also true that there is a case when a user may be restricted from using, for example, port 22 and would run into issues when a package specifies its dependencies using, in this case, the ssh protocol. Likewise, to speculate, it's also possible for a server using a reverse proxy to direct a client to different information at GET time. Both of these are highly unlikely and seem, frankly, silly but the important thing to note is that they are also an edge case. To come full circle, in the case of resolving dependencies via URL should this level of restraint be applied? Personally I don't think so. No matter is I specify that I want the information over ssh, https, or git this should not break packages. |
|
@uranusjr then could you please then suggest on how to fix this in both For example within install_requires=[
{name}@git+https://{tok}@github.com/{my_acc}/{name}.git
# more packages...
]Whereas in How can I align these with the new resolver? We do not use different version but rather always the latest once for all internal packages. |
|
From what I can tell, all you need to do is to use the same format in both |
|
is either format allowed in both instances? |
|
The |
|
@uranusjr ok, that's helpful; would it be possible to add this to the documentation as a migration note or something along those lines? I am sure it would save a lot of time in many instances where this type of conflict exists. |
|
Per @uranusjr 's comments above I found that I was able to define a range in E.g. Requirements.txt in Service: Setup.py in Service: Requirements.txt in App: |
|
I'm trying to figure out whether an issue we're facing is the same as this issue or not. Our situation:
This used to work, but doesn't anymore with the new resolver: ResolutionImpossible. Is this case no longer supported or am I doing something wrong? |
|
@justvanrossum I use this scenario daily with the old and new resolver and it works just fine. Can you provide more details about your issue ? |
|
actually, this the new resolver is super problematic; in some instances, it goes into backtracking loops and I have reported multiple examples through the This is of course, apart from all issues surrounding installing packages from source that are mentioned in the thread. |
|
It looks like my issue has to do with extra requirements: A depends on B[extra], and the application installs A and In some cases, writing The smallest example I can create (using public packages) is the following.
|
|
The fact that the third version of my example behaves badly baffles me. Does anyone have some insights regarding using the new resolver + git URLs + extra requirements? Should I open a new issue? I'm less and less sure how my problem relates to this issue. |
What did you want to do?
New Resolver is unable to handle cases where private Git Dependencies are shared but do not match "version" (i.e. Branch, Tag, Commit). This not only makes repo management much more tedious but also makes feature testing in repos much harder or impossible.
For example if we have:
Requirements.txt in service calls:
While requirements.txt in app calls:
Output
Additional information
I have spent a considerable amount of time reading though available documentation and have not been able to identify a solution for this use case (such as version ranging). Am I missing something? Ideally there would be some way to specify compatible range in service, with concrete versions specified in app.
The text was updated successfully, but these errors were encountered: